Pentagon Unveils Secure Mobile Device Plan

Military releases a new plan to accelerate the adoption of mobile devices and apps for both classified and unclassified use.

10 Great Mobile Government Apps

(click image for larger view and for slideshow)

The Department of Defense on Tuesday released a plan to accelerate the adoption of commercial mobile devices and secure mobile applications in the military for use with both unclassified and classified information.

The plan, which follows up on a mobile device strategy released in June 2012, grows out of an increasing recognition by top military officials and in high-level military strategy documents that mobile technologies will play a key role on the battlefield and for broader U.S. military success via improved collaboration and information sharing.

"This is not simply about embracing the newest technology," DOD CIO Teri Takai said in a statement accompanying the plan. "It is about keeping the Department's workforce relevant in an era when information accessibility and cybersecurity play a critical role in mission success." Takai added that military personnel are increasingly reliant on mobile technology "as a key capability enabler for joint force combat operations."

The plan itself says that it aims to establish a "framework to equip users and managers with mobile solutions that leverage commercial off-the-shelf products, improve functionality, decrease cost and enable increased personal productivity."

A calendar of deliverables is included in the plan, including developing enterprise mobile device management and app store platforms, rolling out mobile devices able to access secret and top secret information, and deploying thousands of centrally managed mobile devices.

Part of the plan will be a series of pilots, many of which are already underway. Those include the Army's Army App Store and Connecting Soldiers to Digital Applications program; the Navy's Digital Seabag and 4G/LTE Sea Trial; Special Operations Command's SECRET BlackBerry; the Marines' Trusted Handheld; DARPA's Secure iPad; and NSA's TIPSPIRAL.

As part of the plan, DOD will pursue a "unified MDM architecture" to ensure mobile security and ease of maintenance. It will also create a centralized mobile application store, a development platform with a code library and development and testing tools, a centralized app approval process, and a centralized governance process to establish mobile standards and policies for the entire military.

However, the strategy seems to leave room for significant flexibility. The strategy is intended to be device-agnostic, encourage cross-platform app interoperability and allow military services to buy devices themselves or from the Defense Information Systems Agency or General Services Administration. The military services similarly would be allowed to run their own app stores and mobile device management platforms or use centralized services and platforms provided by either DISA or GSA.

In part, DOD hopes that the strategy will help cut costs by leveraging the DOD's buying power as a huge institution. The military already has more than 600,000 mobile devices on its networks, including 470,000 BlackBerrys, 41,000 Apple iOS devices and 8,700 Android devices. As part of the plan, the DOD CIO will conduct a semi-annual audit on the total military-wide cost of mobility.

Still, it's unclear how across-the-board budget cuts as a result of sequestration could affect the execution of the military's plan. Takai's memo mentions in its introduction that the plan "is contingent on available funding."

It is great to use mobile technology for combat operations...Now... what happens if the enemy targets those devices, and does an Active Session Attack on them? i.e. yank those devices after the user logged in?MDM provide a great management tool, however, they are vulnerable to device attack and active session attack.bena@SecureAccessTechnologies.com

To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.

IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.

Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."